From 8dd2bb45a13adf7ecac716eae08a34e4573ee0d2 Mon Sep 17 00:00:00 2001 From: carabasdaniel Date: Wed, 27 Mar 2024 15:54:17 +0200 Subject: [PATCH] Update sidecar deployment topaz config to add model and console service (#357) --- .../sidecar-deployment/deployment.yaml | 5 +- .../sidecar-deployment/topaz-configmap.yaml | 55 ++++++++++++++++++- 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/docs/deployments/sidecar-deployment/deployment.yaml b/docs/deployments/sidecar-deployment/deployment.yaml index 702727a7..16e4728f 100644 --- a/docs/deployments/sidecar-deployment/deployment.yaml +++ b/docs/deployments/sidecar-deployment/deployment.yaml @@ -17,8 +17,8 @@ spec: # using an init container to download the topaz edge directory db file that contains our required user informations initContainers: - name: get-eds-citadel - image: busybox:1.28 - command: ["/bin/sh","-c","cd /db/;wget https://github.com/aserto-dev/topaz/raw/main/pkg/testing/assets/eds-citadel.db;"] + image: busybox:1.36 + command: ["/bin/sh","-c","cd /db/;wget --no-check-certificate https://github.com/aserto-dev/topaz/raw/main/pkg/testing/assets/eds-citadel.db;"] volumeMounts: - name: topaz-db mountPath: "/db/" @@ -31,6 +31,7 @@ spec: ports: - containerPort: 8282 - containerPort: 9292 + - containerPort: 8080 volumeMounts: - name: topaz-config mountPath: "/config/config.yaml" diff --git a/docs/deployments/sidecar-deployment/topaz-configmap.yaml b/docs/deployments/sidecar-deployment/topaz-configmap.yaml index 8dad85c7..947400b4 100644 --- a/docs/deployments/sidecar-deployment/topaz-configmap.yaml +++ b/docs/deployments/sidecar-deployment/topaz-configmap.yaml @@ -12,7 +12,7 @@ data: log_level: info directory: - db_path: /db/directory.db + db_path: /db/eds-citadel.db # remote directory is used to resolve the identity for the authorizer. remote_directory: 
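Review bot: In the `get-eds-citadel` init container, the added `--no-check-certificate` turns off TLS certificate verification for the download of `eds-citadel.db`, which the hunk's own comment says holds the required user information, so nothing authenticates the directory data the sidecar is then configured to load. The URL also follows the `main` branch, so the file can change between deployments without the manifest changing. The flag was presumably added because the busybox image ships no CA bundle; since this is a documentation manifest that readers will copy, I would rather drop the flag and use an init image that has CA certificates. Failing that, pin the URL to a commit and end the command with a digest check such as `echo '<EXPECTED_SHA256>  eds-citadel.db' | sha256sum -c -`, so a substituted file fails the init container. The init container's spec continues below the hunk.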
@@ -27,6 +27,59 @@ data: health: listen_address: "0.0.0.0:9494" services: + console: + grpc: + listen_address: "0.0.0.0:8081" + # if certs are not specified default certs will be generate with the format reader_grpc.* + certs: + tls_key_path: "/root/.config/topaz/certs/grpc.key" + tls_cert_path: "/root/.config/topaz/certs/grpc.crt" + tls_ca_cert_path: "/root/.config/topaz/certs/grpc-ca.crt" + gateway: + listen_address: "0.0.0.0:8080" + # if not specified, the allowed_origins includes localhost by default + allowed_origins: + - http://localhost + - http://localhost:* + - https://localhost + - https://localhost:* + - https://0.0.0.0:* + - https://*.aserto.com + - https://*aserto-console.netlify.app + # if no certs are specified, the gateway will have the http flag enabled (http: true) + certs: + tls_key_path: "/root/.config/topaz/certs/gateway.key" + tls_cert_path: "/root/.config/topaz/certs/gateway.crt" + tls_ca_cert_path: "/root/.config/topaz/certs/gateway-ca.crt" + + model: + grpc: + listen_address: "0.0.0.0:9292" + # if certs are not specified default certs will be generate with the format reader_grpc.* + certs: + tls_key_path: "/root/.config/topaz/certs/grpc.key" + tls_cert_path: "/root/.config/topaz/certs/grpc.crt" + tls_ca_cert_path: "/root/.config/topaz/certs/grpc-ca.crt" + gateway: + listen_address: "0.0.0.0:9393" + # if not specified, the allowed_origins includes localhost by default + allowed_origins: + - http://localhost + - http://localhost:* + - https://localhost + - https://localhost:* + - https://*.aserto.com + - https://*aserto-console.netlify.app + # if no certs are specified, the gateway will have the http flag enabled (http: true) + certs: + tls_key_path: "/root/.config/topaz/certs/gateway.key" + tls_cert_path: "/root/.config/topaz/certs/gateway.crt" + tls_ca_cert_path: "/root/.config/topaz/certs/gateway-ca.crt" + http: false + read_timeout: 2s # default 2 seconds + read_header_timeout: 2s + write_timeout: 2s + idle_timeout: 30s # default 30 
seconds reader: grpc: listen_address: "0.0.0.0:9292"
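Review bot: In both new `allowed_origins` lists (`console.gateway` and `model.gateway`), the entry `https://*aserto-console.netlify.app` has no dot after the wildcard. Depending on how topaz matches origin patterns, it may accept any Netlify site whose name merely ends in `aserto-console`, and those subdomains are not under the project's control. I would list only the origins this sidecar deployment needs and, if the hosted console must stay, spell out its exact host name or anchor the wildcard on a dot boundary the way the neighbouring `https://*.aserto.com` entry does. The console list also carries `https://0.0.0.0:*`, which the model list does not; either remove it or add a comment saying why the console needs it. Separately, the two `reader_grpc.*` comments look copied from the reader service and should name the service they sit under.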